FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6601c08d-a46c-11ec-8be6-d4c9ef517024Apache httpd -- Multiple vulnerabilities

The Apache httpd project reports:

  • mod_lua: Use of uninitialized value of in r:parsebody (moderate) (CVE-2022-22719)

    A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.

  • HTTP request smuggling vulnerability (important) (CVE-2022-22720)

    httpd fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling

  • core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (low) (CVE-2022-22721)

    If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes.

  • mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)

    Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.


Discovery 2022-03-14
Entry 2022-03-15
apache24
lt 2.4.53

CVE-2022-22719
CVE-2022-22720
CVE-2022-22721
CVE-2022-23943
https://httpd.apache.org/security/vulnerabilities_24.html